Listed “blue-chip” in Hong Kong
• Lead, and conduct audit assignments and to control assessments involving Information Technology (IT) applications and infrastructure controls to ascertain control effectiveness and provide recommendations for areas of improvements
• Perform pre and post- implementation reviews of system implementations or enhancements;
• IT security audits (e.g. network, operating system and data center), including evaluating if security vulnerabilities are properly identified and mitigated.
• Evaluate information general computing controls and provide value added feedback. Test compliance with those controls;
• Perform various other reviews of IT management policies and procedures such as change management, business continuity planning/ disaster recovery and information security to ensure that controls surrounding these processes are adequate;
• Conduct project reviews of critical IT development programs to ascertain adequacy of project and change management processes for effective implementation;
• Track and follow up open audit/regulatory issues related to IT to ascertain that they are timely and satisfactorily rectified;
• Provide Business and IT management with guidance on IT risk management matters, particularly on application and infrastructure security;
• Responsible for developing and maintaining the IT Risk Assessment; including identifying areas where business units should consider additional investment and areas internal audit should focus;
• Provide internal audit service through analyzing company server systems and multi-platform systems while providing business insights through visualization, trend and correlation analysis and data mining to the company and develop internal work plans and project approaches;
• Develop, build & implement tools to analyze data to improve audit efficiency and effectiveness, (including for risk assessments). Ultimately be a source for analytics that business units adopt to provide business insights or for continuous auditing.
• University graduate in IT, Computer Science, Accounting, or related disciplines;
• 7 years’ experience in internal/external IT audit or IT risk management;
• Qualifications in information systems, operations or accounting highly regarded (e.g. CISA, HKICPA);
• Prior position in IT Governance/IT Audit – internal audit or external auditing firm;
• Sound knowledge of IT application and infrastructure controls;
• Thorough understanding of risk assessment practice and internal control concept. With the ability to formulate practical audit procedures for evaluating the company's internal business procedures, functions and other specific areas;
• Good analytical, interpersonal and communication skills;
• Good report writing skills in English and Chinese.
• Preferred: Hands on experience in doing SQL programming and conducting data mining, as well as conducting query performance and tuning, using Oracle database, MS SQL-Server, MS Access, and/ or SAS;
• Preferred: Experience in data analytics/process analytics/retail analytics, data modelling, data mining, database management, business intelligence implementation and development of data warehouse ETL process;
• Preferred: Hands on experience in any of the following scripting languages: Python, R, Visual basic;
• Preferred: Hands on experience in any of the business intelligent and analytics tools such as Qlikview, Tableau, SAS, IDEA, ACL, Oversight Systems, SAP BI, etc.
